
Domain-name-system.org


KEY resource record


Page modified: Friday, June 23, 2006 20:29:01

KEY resource records serve to publish public keys via DNS. KEY records were used within the framework of DNSSEC (DNS Security), but starting in 2004 they were replaced by the almost identical DNSKEY resource record.

Background

Public-key systems are considered today to be efficient and widely applicable cryptographic methods. The owner of a key signs a message, for example, with a private key known only to that owner. A receiver can verify this signature with the corresponding public key and thus ensure that the message actually comes from the sender and that it is genuine.

A fundamental problem of public-key systems is the distribution of the public keys: how does a user announce its public key? The procedure described here uses DNS. The owner of the key places it as a KEY RR on a public DNS server. Anyone who needs this user's public key sends an appropriate DNS query and receives the public key as the answer. The procedure thus corresponds to the publication of IP addresses.

Structure

A KEY RR consists of the following fields:

  • Label: name of the owner of the key
  • Class: only IN is permissible
  • Type: KEY
  • Flags: additional data, e.g. host, zone or user key
  • Protocol: 1=TLS, 2=email, 3=DNSSEC, 4=IPsec
  • Algorithm: 1=MD5, 2=Diffie Hellman, …

Example

    child.example IN KEY ( 256  ; Zone key
                           3    ; dnssec
                           3    ; DSA coding
                           BOPdJjdc/ZQWCVA/ONz6LjvugMnB2KKL3F1D2i9Gdrpi
                           rcWRKS2DfRn5KiMM2HQXBHv0ZdkFs/tmjg7rYxrN+bzB
                           NrlwfU5RMjioi67PthD07EHbZjwoZ5sKC2BZ/M596hyg
                           fx5JAvbIWBQVF+ztiuCnWCkbGvVXwsmE+odINCur+o+E
                           jA9hF06LqTviUJKqTxisQO5OHM/0ufNenzIbijJPTXbU
                           cF3vW+CMlX+AUPLSag7YnhWaEu7BLCKfg3vJVw9mtaN2
                           W3oWPRdebGUf/QfyVKXoWD6zDLByCZh4wKvpcwgAsel4
                           bO5LVe7s8qstSxqrwzmvaZ5XYOMZFbN7CXtutiswAkb0
                           pkehIYime6IRkDwWDG+14H5yriRuCDK3m7GvwxMo+ggV
                           0k3Po9LD5wWSIi1N
                           ) ; key ID = 22004
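As an added illustration (not part of the original article), the following Python code parses the example record above into the fields listed under Structure and checks that its key field has the length a DSA key must have. The function names are hypothetical; the flag-bit positions and the DSA key layout are taken from RFC 2535 and RFC 2536, not from this page.

```python
import base64
import re

PROTOCOLS = {1: "TLS", 2: "email", 3: "DNSSEC", 4: "IPsec"}  # values listed on this page
NAMTYP = {0: "user", 1: "zone", 2: "host", 3: "reserved"}    # RFC 2535 flag bits 6-7

# The example record from this page, laid out in zone-file syntax.
RECORD = """
child.example IN KEY ( 256 ; zone key
    3 ; dnssec
    3 ; DSA
    BOPdJjdc/ZQWCVA/ONz6LjvugMnB2KKL3F1D2i9Gdrpi rcWRKS2DfRn5KiMM2HQXBHv0ZdkFs/tmjg7rYxrN+bzB
    NrlwfU5RMjioi67PthD07EHbZjwoZ5sKC2BZ/M596hyg fx5JAvbIWBQVF+ztiuCnWCkbGvVXwsmE+odINCur+o+E
    jA9hF06LqTviUJKqTxisQO5OHM/0ufNenzIbijJPTXbU cF3vW+CMlX+AUPLSag7YnhWaEu7BLCKfg3vJVw9mtaN2
    W3oWPRdebGUf/QfyVKXoWD6zDLByCZh4wKvpcwgAsel4 bO5LVe7s8qstSxqrwzmvaZ5XYOMZFbN7CXtutiswAkb0
    pkehIYime6IRkDwWDG+14H5yriRuCDK3m7GvwxMo+ggV 0k3Po9LD5wWSIi1N ) ; key ID = 22004
"""

def parse_key_rr(text):
    """Parse one KEY RR in zone-file presentation format into its fields."""
    text = re.sub(r";[^\n]*", "", text)  # a ';' comment runs to the end of the line
    tok = text.replace("(", " ").replace(")", " ").split()
    if len(tok) < 7 or tok[1:3] != ["IN", "KEY"]:
        raise ValueError("not an IN KEY record")
    flags = int(tok[3])
    return {
        "owner": tok[0],
        "key_use": NAMTYP[(flags >> 8) & 0x3],  # bits 6-7, counted from the MSB
        "no_key": flags >> 14 == 0x3,           # bits 0-1 both set: no key present
        "protocol": PROTOCOLS.get(int(tok[4]), "unknown"),
        "algorithm": int(tok[5]),
        "key": base64.b64decode("".join(tok[6:]), validate=True),
    }

def dsa_layout(key):
    """Check the RFC 2536 DSA layout: T | Q (20 bytes) | P | G | Y, each 64+8*T bytes."""
    t, n = key[0], 64 + 8 * key[0]
    if t > 8 or len(key) != 1 + 20 + 3 * n:
        raise ValueError("malformed DSA key field")
    p = int.from_bytes(key[21:21 + n], "big")
    return {"T": t, "key_bytes": len(key), "p_bits": p.bit_length()}

if __name__ == "__main__":
    rr = parse_key_rr(RECORD)
    print(rr["owner"], rr["key_use"], rr["protocol"], rr["algorithm"])
    print(dsa_layout(rr["key"]))
```

For the record above this reports a zone key for DNSSEC with algorithm 3, and a DSA modulus P of 768 bits.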

Security of the procedure

Publishing a public key via DNS is sufficiently secure only if the corresponding KEY RR is digitally signed by a SIG resource record and the DNS request is secured by DNSSEC. Publication by means of an X.509 certificate is even more secure, but far more laborious and more expensive.

Related links

  • RFC 2535 - DNS Security Extension

Page cached: Wednesday, July 5, 2006 14:16:01